Self-hosting
Self-hosted agents enable you to deploy Runops agents inside your
infrastructure. There are two main reasons why you may want to use them:
- Keep all your data and secrets in your cloud account. - Run Tasks on
Connections in private networks
The agent running inside your infrastructure ensures that any
credentials to your internal systems or access results with
potentially sensitive data never leave your
infrastructure.
After polling a task from the Runops API, the agent queries your
Secrets Management solution to get temporary access to the
credentials.
You can use Hashicorp Vault, AWS Secrets Manager, and GCP Secrets.
Alternatively, you can use Kubernetes Secrets to store credentials when
you deploy the agent to Kubernetes.
The agent will then perform the access and notify the API.
The Agent redacts any PII data from the logs and only
then forwards the result to the user.
You can use multiple agents to access different networks and
environments. You add tags to Agents that tell them which tasks they
should fetch from the Runops API.
One additional benefit from this architecture is that you
don’t need a VPN to access resources in private
networks.
Summary
- Self-host agents to access private networks.
- Improved security by keeping secrets on-premises.
- Shutdown your VPN.
AWS Reference Architecture
Here is what it would look like to run the Agent in AWS.
